Malware Classifier is a command-line tool that lets antivirus analysts,
IT administrators, and security researchers quickly and easily determine
if a binary file contains malware: so they can develop malware detection
signatures faster, reducing the time during which users' systems are
vulnerable.
The tool uses machine-learning algorithms to classify Win32 binaries
– EXEs and DLLs – into three classes: 0 for “clean,” 1 for
“malicious,” or “UNKNOWN.”
The tool extracts seven key features from an unknown binary, feeds
them to one of the four classifiers or all of them, and presents
its classification of the unknown binary as "clean," "malicious," or
"unknown."
The tool was developed using models resultant from running the J48,
J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of
approximately 100,000 malicious programs and 16,000 clean programs.